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AMENDMENTS TO THE SPECIMCATION 



Please amend the paragraph starting on page 1, line 16, as follows: 
-In conventional cryptosystems, crvptogr^hic o rvpoto^phio algoritbm is derived fix>m 
mafhematioal models. It makes people believe it is impossible to extract secret key with a low 
complexity algorithm. However some problems caused during cryptographic o rypotographio 
implementations are not considered witiun mathematical models and what allows attacks to find 
out the secret keys via some indirect techniques such like microprobing, reverse engineerings 
memory read-out techniques^ etc. To prevent these attacks, a variety of physical techniques for 
protecting cryptographic devices are known» including enclosing key management systems in 
physically durable enclosures, coating integrated circuits with special coatings that destroy the 
chip when removed, and wrapping devices with fine wires that detect tampering. However, these 
approaches are difficuh to use in single-chip solutions (such as smartcards), and difficult to 
evaluate since there is no mathematical basis for their security. Physical tamper resistance 
techniques are also ineffective against some attacks.— 

Please amend the paragraph starting on page 3, line 21 , as follows: 

—According to "Paul C. Kocher in his paper, Timing attacks on implementations of 

Diffie-HeUman» RSA, DSS. and other systems. Proceedings of Crypto '96, 1996", and "Paul C. 

Kocher in his paper, Kocher, Cryptanalysis of Diffie-Hellman, RSA, DSS. and other systems 

using timing attacks, Dec. 7, I99S'\ some information about the crvptographi c oTVpotogmphio 

key leak out by measuring the length of cryptographic computation.- 
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Please amend the paragraph starting on page S, line IS, as follows: 
—As the aforementioned, operation of modulo-multiplication or modulo-squaring occurs 
at any particular time is controlled by a conditional jump (line 4 in FIG.l) that depends on the 
value of the exponent, e, as it is traversed, commonly bit-^by-bit. Based on this simple theory^ 
there is an improved crvptQgraphic c rvpQto f^aphio algorithm which is shown in FIG.3. This 
algorithm reduces leakage from cryptosystems by implementing critical operations using fixed 
execution path routines whereby the execution path does not vary in any manner that can reveal 
useful information about the secret key during subsequent operations so as to protect 
crvptQgraphicef^iyfttogfaplHc keys against timing attacks and power monitoring attacks.- 

Please amend the paragraph starting on page 6, line 1 9, as follows: 
—Fault attacks try to introduce errors into the cryptographic o rypotographio computation, 
and to identify the key by analyzing the matiiematical and statistical properties of the erroneously 
computed results. Among the many techniques that suggested so far for introducing such errors 
are the uses of ionizing radiation, unusual operating temperatures, power and clock glitches, and 
laser-based chip microsurgery.— 

Please amend the paragraph starting on page 7, line 1, as follows: 

— C safe-error attacks introduce temporal error within ALU so as to induce temporal 
erroneous computation. Some of the attacks carry out an erroneous computation, while others 
won't Upon these different outputs, some information of the CTvptographio o rypotojgraphio key 
will be revealed. In FIG.3, when some e^ = 0, Sb = (Sb» S2) mod n is a redimdant computation. It 
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is to say that if a temporal error is introduced during this computation, it will induce an enoneous 
computation but tins erroneous result will not affect the next computation cycle, so the final 
output will still be the same. If the attacker introduce a single error at a random time during the 
computation of Sb ^ (Sb* S2) mod n» by observing whether the ou^ut of the computation is with 
error or not, the attacker can realize the corresponding bit of the secret key. If the output is with 
error, the corresponding digit of the secret key is 1; otherwise^ the corresponding digit of the 
secret key is 0,- 

Please amend the paragraph starting at page 9* line 5. as follows: 

—In accordance with the present invention, a novel crvptoEa'aphic o rvpotographic 
algorithm is provided that substantially overcomes the drawbacks of the above mentioned 
problems.*' 

Please amend the paragraph starting on page 9, line 14, as follows: 

-It is another object for present invention to provide a modular exponentiation algorithm 

without any redundant calculation in it so as to be substantially immune from thebefe C safe-* 

error attack.— 

Please amend the paragraph starting page 10, line 16» as follows: 

-This invention provides a method, an ^paratus or a computer-readable medium for 
protecting public key schemes from timing, power monitoring and fault attacks comprising the 
steps of: 1. obtaining a message for use in a cryptographic crvDotoprQphio operation; 2. obtaining 
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a modulus and an exponent corresponding to said eryptogrgyhic e aypotogrophiQ operation, 
wherein said exponent contains at least one bit; 3. initializing a first value as [[a]] one, and 
assigning the message to a second value; 4. executing a modulo exponentiation algorithm on 
each bit of the exponent firom a most significant bit to a least significant bit> wherein the 
algorithm comprising the steps of: a. input a bit to an inverter and storing the output as a third 
value, and assigning the next bit of the exponent as a fourth value; b, if the third value is a zeio, 
updating the first value with the result of squaring, modulo the modulus the first value, if the 
third value is [[a]] one, updating the first value with the result of multiplying, modulo the 
modulus said first value by the second value; and c. if the fourth value is [[a]] zero, iqpdating the 
first value with the result of squaring, modulo the modulus the first value^ if the fourth value is 
[[a]] one, updating the first value with the result of multiplying, modulo the modulus the first 
value by the second value; S. updating the bit with the next bit of the exponent, and executing 
steps of the algorithm on the bit until the bit being the least significant bit of the exponent; and 6. 
storing and output the first value.— 

Please add the following paragraph after the paragraph ending on page 11, line 15: 
-Fiuther scope of the applicability of the present invration will become apparent fiiom 
the detailed description given hereinafter. However, it should be imderstood that the detailed 
description and specific examples, while indicating preferred embodiments of the invention, are 
given by way of illustration only, since various changes and modifications within the spirit and 
scope of the invention will become apparent to those skilled in the art firom this detailed 
description.— 



5 



KM/asc 



PAGE 8/23'RCVDAT12Q8l2006 3:01:38 PM [Eastern Standv^ 



•DEC-28-2006 THU 02:51 PM BSKB 



FAX NO. 703 205 8050 



P. 



ApplicadonNo. 10/615,065 



Docket No.: 4444^2d4PU$1 



Aiiiendmem dated December 2S, 20^ 
Reply to OfiGkse AciicKaof Sqitinr^ 

Please amend the paragraph beginning on page 11, line 19, as follows: 
—The foregoing ocpootQ and mimv of the - attondmit advqntaaos of this p resent in vention 
will become more roodilv appreciated f uHy o fi tbo samo booom e G b e tt e r u nderstood by roforonoo 

l€^ — from the following detailed descriptio n, whon token m coniunotion with and t he 

accompanying drawings, which are given bv wav of illustration only, and thus are not limitative 
of the present invention, and w herein:-- 

Please amend the paragraph starting at page 1 3, line 22, as follows: 
-The present invention provides an algorithm as in FIG.4. At the beginning, obtaining a 
message M for use in a crvptofflraphic o rvpotoprDphiQ operation and an exponent e«(ew.u ew-a,. . 
ei, eo) and a correlated modulus n then initializing S<f=1, assigning M to Si, and let e.i=l (100), 
then set kr=w-l and executing a modulo exponentiation algorithm on each bit of the exponent 
from the most significant bit (ew-i) to the least significant bit (eo), wherein the algorithm 
comprising the steps of: 1. Input the bit ejc to an inverter and storing the output as a value b, and 
assigning the next bit ev-j as a value c; 2. Executing So=(So*Sb) mod n and So=(So*Sc) mod n 
(130) 3, ^cecuting k=fc-l (140); 4. Repeating step 1 to step 3 until finishing the loop of k=0; S. 
Storing and output So (ISO).-- 
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